Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 3 Apr 2016 13:44:12 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r412473 - in branches/2016Q2/devel/pcre: . files
Message-ID:  <201604031344.u33DiCaD038592@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Sun Apr  3 13:44:12 2016
New Revision: 412473
URL: https://svnweb.freebsd.org/changeset/ports/412473

Log:
  MFH: r412472
  
  devel/pcre: Add patch to resolve heap overflow vulnerability
  
  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html

Added:
  branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283
     - copied unchanged from r412472, head/devel/pcre/files/patch-CVE-2016-1283
Modified:
  branches/2016Q2/devel/pcre/Makefile
Directory Properties:
  branches/2016Q2/   (props changed)

Modified: branches/2016Q2/devel/pcre/Makefile
==============================================================================
--- branches/2016Q2/devel/pcre/Makefile	Sun Apr  3 13:43:29 2016	(r412472)
+++ branches/2016Q2/devel/pcre/Makefile	Sun Apr  3 13:44:12 2016	(r412473)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pcre
 PORTVERSION=	8.38
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
 		ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \

Copied: branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283 (from r412472, head/devel/pcre/files/patch-CVE-2016-1283)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283	Sun Apr  3 13:44:12 2016	(r412473, copy of r412472, head/devel/pcre/files/patch-CVE-2016-1283)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- pcre_compile.c	(revision 1635)
++++ pcre_compile.c	(revision 1636)
+@@ -7311,7 +7311,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604031344.u33DiCaD038592>